Advancements in technology have enabled factory applications to become partially or completely automated. For example, applications that once required workers to work in proximity to heavy machinery and various other hazardous conditions can now be completed at a safe distance from such hazards. Further, imperfections associated with human action have been minimized through employment of highly precise machines. Many of these factory devices supply data related to manufacturing to databases that are accessible by system/process/project managers on a factory floor. For instance, sensors can detect the number of times a particular machine has completed an operation within a set amount of time. Further, sensors can deliver data to a processing unit relating to system alarms. Thus, a factory automation system can review collected data and automatically and/or semi-automatically schedule maintenance of a device, replacement of a device, and various other procedures that relate to automating a process.
To enable this automation, consistent and trusted communication networks should be employed to facilitate communications between automation devices on a factory floor, as well as between automation devices and high-level systems. Furthermore, in light of constantly increasing processing capabilities with respect to automation devices and computers (desktops, servers, laptops, PDAs, ...) as well as greater available bandwidth, robust data structures can be communicated from an automation device in a first geographic region to an automation device in a disparate geographic region almost instantaneously. Thus, for example, an automation controller utilized for a particular manufacturing process in Detroit can communicate with an automation controller employed for a related manufacturing process in Pittsburgh. These advances in communication have enabled manufacturing to become more efficient and precise, with automation devices facilitating reduction of error and waste as well as enabling greater throughput.
Due to the precision typically required in manufacturing settings, as well as safety concerns for humans on a factory floor, it is imperative that communications relating to automation devices and contents stored within memory of automation devices be secure. A series of examples is provided to illustrate hazards that can occur given insufficient security relating to an industrial automation environment. A high-level system can include commands to halt operation of a press upon a factory floor. Such commands can desirably be relayed to the press, and the halting of the press enables a technician to perform maintenance upon the press. If, however, a malicious hacker has obtained access to the commands and altered such commands (thereby enabling the press to operate normally), the technician can be in an extremely perilous situation. In another example, automation controllers (e.g., programmable logic controllers) can communicate with one another to effectuate manufacture of a pharmaceutical product or other ingestible product. If a malicious hacker can locate a particular automation controller and attack such controller, the pharmaceutical product can be compromised. Even if the attack is detected prior to the pharmaceutical reaching the general public, the company that manufactures such pharmaceutical suffers due to wasted time as well as wasted product. While the aforementioned examples relate to an industrial automation setting, these security issues can be associated with virtually any network. For instance, a network utilized by a bank can be subject to attack, thereby altering consumers' finances. As an illustration, due to a network attack, a bank may be unable to accept a direct deposit. A customer may have written a check in reliance upon such deposit and the check can be cashed, thereby resulting in an overdraft. Even if the bank corrects the problem, the customer is subject to the embarrassment of overdrawing an account.
In yet another example, an engineer performing one or more tests (or maintenance) on part of a system may inadvertently key in an incorrect address to a device that is not associated with security, and accidentally reprogram such device (rather than reprogramming an intended device). Such inadvertent keying can result in safety and/or quality problems that consequently can cause financial loss, injury, or even death.
Many networks that are associated with the aforementioned security risks utilize protocols that require devices within such network to be associated with a source and destination address. These addresses typically are hard coded and/or are issued to the device by a server when such device connects to the network. Furthermore, particular services that a device hosts or to which a device desires access are generally assigned fixed ports. In particular, common services such as web sites or web pages, sometimes used by devices for configuration purposes, are often accessible on common ports like port 80 so that standard web browsers, which assume port 80, can connect easily. In other words, status information can be served on port 80, thereby enabling a standard browser to connect to a networked device and monitor such device. Further, many common applications make assumptions that a database or application is available at particular ports; accordingly, viruses, worms, and the like can make similar assumptions. Devices that desire to utilize a service on a disparate device typically connect to such device to access the service. The connecting device depends upon being able to locate the disparate device at a particular address and port in order to make such connection. Accordingly, when a malicious hacker wishes to cause damage to a network and/or devices within the network, such hacker often monitors the network and obtains address information relating to one or more devices prior to launching an attack. Such reconnaissance on the network can provide the hacker with a list of devices by network address, which ports the devices are serving, applications and services being provided by the device, and other critical information relating to the device. The hacker generally uses this information to plan and execute an attack against a network-connected device.
As a particular example, viruses and worms often target networked systems that have services listening on certain well-documented ports.
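A defender's view of the reconnaissance described above, as an added example that is not part of the original text: because each device sits at a fixed address and serves fixed ports, a source that is mapping the network touches many distinct address/port pairs in a short time, and flow records expose that pattern. The addresses, ports, flow records, window and threshold below are constructed assumptions.

```python
from collections import defaultdict, deque


def build_sample_flows():
    """Constructed flow records: (seconds, source, destination, destination port)."""
    # A monitoring station polling one controller's status page on port 80.
    flows = [(2.0 * i, "10.0.5.20", "10.0.1.10", 80) for i in range(10)]
    # A source probing the same fixed ports on four consecutive addresses.
    t = 3.0
    for host in range(10, 14):
        for port in (80, 502, 44818):
            flows.append((t, "10.0.9.99", f"10.0.1.{host}", port))
            t += 0.5
    return flows


def find_sweeps(flows, window=10.0, threshold=6):
    """Map each suspicious source to the peak number of distinct
    (address, port) targets it contacted within any `window` seconds.
    Sources that never reach `threshold` are omitted."""
    recent = defaultdict(deque)  # source -> deque of (timestamp, target)
    peaks = {}
    for ts, src, dst, port in sorted(flows):
        q = recent[src]
        q.append((ts, (dst, port)))
        # Drop contacts that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = len({target for _, target in q})
        if distinct >= threshold:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks


if __name__ == "__main__":
    for source, count in find_sweeps(build_sample_flows()).items():
        print(f"{source} contacted {count} distinct address/port pairs")
```

Repeated polling of one known service counts as a single target, so ordinary monitoring traffic stays below the threshold regardless of how often it occurs.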
In view of at least the above, there exists a need in the art for a system and/or methodology that facilitates thwarting hackers that may attempt to launch attacks, viruses, and worms in connection with a networked system.